Security Tools

Alive is a lightweight safety status tool for people living alone. Unlike location/social tracking, it’s almost invisible: set a check-in timer and tap once daily; if time runs out or check-ins are missed, it auto emails tiered alerts to your emergency contacts. It’s instant to start (no sign-up), no location, minimal permissions, no irrelevant data. Contacts and logs are encrypted. Customize period, grace, reminder cadence, and quiet hours. Silent when you’re fine, loud when you’re not.

PicKey’s AI uses your favorite picture along with a 3D character to create an exceptionally strong Master Password. You no longer need to type or remember any text passwords. PicKey, being a visual password manager blends absolute security with effortless usability.

Transcodes is an Authentication-as-a-Service platform for passkey-first, passwordless login and MFA. Users can sign in with passkeys, TOTP, or hardware authenticators (e.g., YubiKey via USB/NFC). It supports phishing-resistant authentication, admin MFA, and DPoP-bound access tokens without refresh tokens. Built for startups and small businesses, Transcodes works without requiring clients to integrate their own backend

API Radar turns leaked API keys into a searchable threat feed for your own org. This new version rebuilds the core engine so it continuously discovers exposed keys in public GitHub, then lets you slice them by provider, repo, file path, and time to see exactly what’s out and where. Instead of digging through noisy scanners or random alerts, you get a focused view of real leaked credentials you can revoke and rotate fast.

I’ve seen many Supabase apps accidentally expose PII, PCI, or hardcoded keys. It’s easy to miss and expensive to fix. So I built Supaguard — it scans your app in minutes and shows exactly what’s exposed. • No setup, just connect • Detects PII, PCI & API keys • Instant alerts Launch offer: 2 free scans + 35% New Year discount 👉 supaguard.pro Feedback welcome — built to help devs stay safe without headaches.

JavaScript virtualization that compiles your code into proprietary bytecode running inside a custom VM - regenerated uniquely for every build.

AI code review that actually thinks. 30+ agents, zero noise.

Mirror detects background macOS apps that deliberately hide from Activity Monitor. It exposes stealth tools like Interview Coder, Cluely, Hiding AI, and similar apps designed to stay invisible giving you full visibility and control over what’s really running on your Mac.

Fast and free VPN for Chrome

The Snyk AI-BOM CLI maps the critical AI components powering your application, including AI models, datasets, and external services. It extends the traditional SBOM to create a clear inventory of everything your AI code relies on. Use Snyk AI-BOM to detect and map dependencies created via the MCP open standard, providing security and engineering leaders with the governance insights they need. Audit AI usage, track LLM providers, and ensure compliance with one command

Pylar connects agents to your data stack, safely. Connect to any datasource, define exactly what an agent can see, turn those views into custom MCP tools, and publish them to any agent builder - with full observability across every AI deployment.

Infosec news that doesn’t make you want to quit tech.

Google is rolling out SynthID in the Gemini app, making it easy to verify whether an image was created or edited with Google AI. Just upload the picture and ask. Gemini checks for the watermark and gives a clear, quick response.

Hirosend strips away the clutter of traditional file-sharing tools to deliver a simple, secure experience. No complex setup. No accounts required to download. No confusing dashboards. Just fast, protected file delivery.
 Security is baked in from the moment you upload. Files are encrypted, link access is managed automatically, and everything expires on its own, so nothing lingers longer than it should. It’s simple, fast file sharing for anyone who wants peace of mind without the complexity.

Protect your sites and APIs with advanced WAF, DDoS mitigation, rate limiting, bot detection, and upload scanning. Configure protection in an intuitive dashboard and get real-time visibility through detailed event logs. Serious security shouldn’t be a luxury. Start free. Scale with fair, transparent pricing.

Golf Firewall is the security layer for companies exposing MCP servers. It protects your MCP server from serving malicious or sensitive data - blocking prompt injections, PII leaks, and credential exposure before they reach customer agents.

Gammacode is an Web and Agentic CLI for SMBs and Developers to ship secure code faster. AI agents scan repos for vulnerabilities, then auto-fix security issues, bugs, and tech debt in secure sandboxes and through github actions reducing risks by 50%.

Trace-AI predicts and prevents supply-chain attacks via metadata-driven analysis of open-source dependencies, registries, and maintainer activity, no source code needed. Built by engineers who scaled to millions, it helps teams ship fast and secure.

Hacktivate is a safe, gamified way for students to learn real cybersecurity skills through interactive hacking challenges, using iPhone, iPad, or Mac. Created by an indie developer to make computer science education more fun!

Astra’s Trust Center is a customizable hub to showcase your real-time security posture. With AI-assisted creation, it makes it easy to build, maintain, and share security practices, certifications, and compliance updates.

Right-click any macOS app to reveal extensive details: contents, versions, components, document types, and extensions. View security info (Gatekeeper, notarization, App Sandbox, signatures), browse entitlements, and inspect Info.plist and frameworks.